Hyland Connect

MichelGabriel · ‎01-13-2021

Hello,
(sorry in advance for my bad English)

I'm trying to migrate from Alfresco 5.2 to Alfresco 6.2 (docker version). I have configured Alfresco to use active directory.
I can authenticate into Alfresco share and get all my files without any problem (the migration seem to have worked well)

But, in the version 5.2 when I reach localhost:8080/alfresco/api/ a basic auth dialog open and I could enter my credentials to use the API.

With the version 6.2, when I reach the same page (localhost:8080/alfresco/api/) the basicAuth dialog doesn't show and a have a 401 error (Even if I'm not authenticated. I have no possibility to do it !)

How can I configure Alfresco to force this dialog to show up ?

I need it because we inject the basicAuth with an external application to download documents. Actually, we can not because the dialog doesn't show up and the user receive a 401 error.

Example of a request : http://localhost:8001/alfresco/api/-default-/public/cmis/versions/1.1/atom/content/my-dummy-file.pdf?id=ea830d4b-3d55-441b-bd90-3603fee01be3

We get a 401 instead of the correct file.

My configurations :

Docker-compose (alfresco)

services:

    alfresco:
        image: alfresco/alfresco-content-repository-community:6.2.0-ga
        container_name: itera-alfresco
        mem_limit: 8000m
        depends_on:
            - postgres
            - openldap
        environment:
            JAVA_OPTS: "
               -Ddb.driver=org.postgresql.Driver
                -Ddb.username=alfresco
                -Ddb.password=alfresco
                -Ddb.url=jdbc:postgresql://postgres:5432/alfresco
                -Dsolr.host=solr6
                -Dsolr.port=8983
                -Dsolr.secureComms=none
                -Dsolr.base.url=/solr
                -Dindex.subsystem.name=solr6
                -Dshare.host=localhost
                -Dshare.port=8080
                -Dalfresco.host=localhost
                -Dalfresco.port=8080
                -Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos
                -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
                -Ddeployment.method=DOCKER_COMPOSE
                -Dlocal.transform.service.enabled=true
                -DlocalTransform.pdfrenderer.url=http://alfresco-pdf-renderer:8090/
                -DlocalTransform.imagemagick.url=http://imagemagick:8090/
                -DlocalTransform.libreoffice.url=http://libreoffice:8090/
                -DlocalTransform.tika.url=http://tika:8090/
                -DlocalTransform.misc.url=http://transform-misc:8090/

                -Dlegacy.transform.service.enabled=true
                -Dalfresco-pdf-renderer.url=http://alfresco-pdf-renderer:8090/
                -Djodconverter.url=http://libreoffice:8090/
                -Dimg.url=http://imagemagick:8090/
                -Dtika.url=http://tika:8090/
                -Dtransform.misc.url=http://transform-misc:8090/
                -Dcsrf.filter.enabled=false
                -Xms4000m -Xmx8000m
                "
        volumes: 
            - ./config/ldap-authentication.properties:/usr/local/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties
            - ./config/alfresco-global.properties:/usr/local/tomcat/shared/classes/alfresco-global.properties
            -  alf_data:/usr/local/tomcat/alf_data
            # logs
            - ./logs/alfresco:/usr/local/tomcat/logs


    alfresco-pdf-renderer:
        image: alfresco/alfresco-pdf-renderer:2.1.0
        mem_limit: 1g
        environment:
            JAVA_OPTS: " -Xms256m -Xmx512m"
        ports:
            - 8090:8090

    imagemagick:
        image: alfresco/alfresco-imagemagick:2.1.0
        mem_limit: 1g
        environment:
            JAVA_OPTS: " -Xms256m -Xmx512m"
        ports:
            - 8091:8090

    tika:
        image: alfresco/alfresco-tika:2.1.0
        mem_limit: 1g
        environment:
            JAVA_OPTS: " -Xms256m -Xmx512m"
        ports:
            - 8093:8090

    transform-misc:
        image: alfresco/alfresco-transform-misc:2.1.0
        mem_limit: 1g
        environment:
            JAVA_OPTS: " -Xms256m -Xmx512m"
        ports:
            - 8094:8090

    libreoffice:
        image: alfresco/alfresco-libreoffice:2.1.0
        mem_limit: 1g
        environment:
            JAVA_OPTS: " -Xms256m -Xmx512m"
        ports:
            - 8092:8090

    share:
        image: alfresco/alfresco-share:6.2.0
        container_name: share
        mem_limit: 1g
        environment:
            REPO_HOST: "alfresco"
            REPO_PORT: "8080"
            JAVA_OPTS: "
                -Xms500m
                -Xmx500m
                -Dalfresco.host=postautoiteradev.switzerlandnorth.cloudapp.azure.com
                -Dalfresco.port=8080
                -Dalfresco.context=alfresco
                -Dalfresco.protocol=http
                "
        volumes:
            - ./config/share-config.xml:/usr/local/tomcat/webapps/share/WEB-INF/classes/alfresco/share-config.xml

    postgres:
        image: postgres:11.4
        mem_limit: 512m
        restart: always
        environment:
            - POSTGRES_PASSWORD=alfresco
            - POSTGRES_USER=alfresco
            - POSTGRES_DB=alfresco
        command: postgres -c max_connections=300 -c log_min_messages=LOG
        ports:
            - 5432:5432

    solr6:
        image: alfresco/alfresco-search-services:1.4.0
        mem_limit: 2g
        environment:
            #Solr needs to know how to register itself with Alfresco
            - SOLR_ALFRESCO_HOST=alfresco
            - SOLR_ALFRESCO_PORT=8080
            #Alfresco needs to know how to call solr
            - SOLR_SOLR_HOST=solr6
            - SOLR_SOLR_PORT=8983
            #Create the default alfresco and archive cores
            - SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive
            #HTTP by default
            - ALFRESCO_SECURE_COMMS=none
            - "SOLR_JAVA_MEM=-Xms2g -Xmx2g"
        ports:
            - 8083:8983 #Browser port

    activemq:
        image: alfresco/alfresco-activemq:5.15.8
        mem_limit: 1g
        ports:
            - 8161:8161 # Web Console
            - 5672:5672 # AMQP
            - 61616:61616 # OpenWire
            - 61613:61613 # STOMP
            
    proxy:
        image: alfresco/acs-community-ngnix:1.0.0
        mem_limit: 128m
        depends_on:
            - alfresco
        ports:
            - 8080:8080
        links:
            - alfresco
            - share

    openldap:
        image: osixia/openldap:1.2.2
        container_name: openldap
        restart: always
        environment:
            LDAP_DOMAIN: "softcom.pro"
            LDAP_ADMIN_PASSWORD: "LS4aISxv3lvc"
            LDAP_CONFIG_PASSWORD: "LS4aISxv3lvc"
            LDAP_READONLY_USER: "true"
        ports:
        - "389:389"
        volumes:
        - openldap-data:/var/lib/ldap
        - openldap-config:/etc/ldap/slapd.d
        - ./config/openldap/prepopulate:/container/service/slapd/assets/config/bootstrap/ldif/custom
        command: --copy-service

volumes:
    openldap-data:
    openldap-config:
    alf_data:

alfresco-global.properties

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
synchronization.synchronyzeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=false
synchronization.import.cron=0 0 12 * * ?

external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyHeader=X-Alfresco-Remote-User
external.authentication.enabled=true
transform.service.enabled=true
local.transform.service.enabled=true
legacy.transform.service.enabled=true

ldap-authentication.properties

ldap.authentication.active=true
# Full DN format to login
ldap.authentication.userNameFormat=uid\=%s,ou\=people,ou\=ec,dc\=softcom,dc\=pro
ldap.authentication.java.naming.provider.url=ldap://openldap:389

ldap.synchronization.active=true
# Anonymous access for sync
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn=admin,dc=softcom,dc=pro
ldap.synchronization.java.naming.security.credentials=LS4aISxv3lvc


ldap.synchronization.groupQuery=(objectclass\=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfUniqueNames)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=ou\=ec,dc\=softcom,dc\=pro
ldap.synchronization.userSearchBase=ou\=people,ou\=ec,dc\=softcom,dc\=pro

ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider

ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfUniqueName
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=uniqueMember

Thank you in advance for your answers !

arjunmony · ‎02-12-2021

Hello,

From alfresco-remote-api.6.3, web browser will not present basic auth popup by default, so operations like CMIS Browsing will not be allowed from browser. In alfresco 6 they have fixed the basic authentication issue. So you have to modify your code with the header something like below,

 const header = proxyRes.headers['www-authenticate'];
            if (header && header.startsWith('Basic')) {
                proxyRes.headers['www-authenticate'] = 'x' + header;
            }

https://docs.alfresco.com/6.1/concepts/dev-api-by-language-alf-rest-auth-with-repo.html.

If you want a workaround you have to add a new property to alfresco-global.properties

alfresco.restApi.basicAuthScheme=true

https://angelborroy.wordpress.com/2018/05/15/alfresco-6-restoring-browser-basic-auth-popup-for-remot...

View answer in original post

arjunmony · ‎02-12-2021